CN107181760A - A kind of distributed nearly threat source attack blocking-up method and its device - Google Patents
A kind of distributed nearly threat source attack blocking-up method and its device Download PDFInfo
- Publication number
- CN107181760A CN107181760A CN201710549113.0A CN201710549113A CN107181760A CN 107181760 A CN107181760 A CN 107181760A CN 201710549113 A CN201710549113 A CN 201710549113A CN 107181760 A CN107181760 A CN 107181760A
- Authority
- CN
- China
- Prior art keywords
- attack
- security gateway
- protection control
- control module
- linked protection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of distributed nearly threat source attack blocking-up method and its device, belong to cyberspace security technology area.Device of the present invention includes linked protection control module and attack blocks performing module;Linked protection control module is deployed in the guard system of network, and attack blocks performing module to be deployed in each security gateway of network.Method of the present invention by receive from attack detecting side transmit come attack type and path, according to security gateway deployment, try to achieve execution security gateway, execution security gateway on block network attack.The present invention, which is calculated, performs security gateway, execution security gateway can be calculated according to security gateway set and attack path, reduce consumption of the attack to Internet resources, the security gateway in the nearly threat source of selection is execution security gateway, it can prevent attack traffic from flowing in a network to greatest extent, improve flow in network efficient.
Description
Technical field
The present invention relates to the distributed nearly threat source attack blocking-up method of the one kind ensured applied to the network information security and its
Device, belongs to cyberspace security technology area.
Background technology
Network attack is more and more on current internet, not only makes servers go down, and cause Internet resources largely to disappear
Consumption, effective discharge are reduced, network availability is reduced etc..Traditional human strategy is frequently with fire wall or security gateway under fire
Nearby (nearly victim), such as data center's entrance, block the network attack of invasion, can block including Distributed Denial of Service attack
The a large amount of attacks attacked including (DDoS), protect the server of data center.But, this defence policies can not prevent attack
Consumption of the flow to Internet resources, lets alone attack traffic and Internet resources is arbitrarily taken outside fire wall.
With the improvement of network structure, the proposition of Next Generation Internet architectural framework, the raising of 5G internet securities, the world
Determination of integrated network overall plan etc., network information security guarantee strategies are not to turn into the security patch in network, but
It is dissolved into network itself, as one important part of network, or even the module as the network equipment, including but not
It is limited to the modules such as certification, signature, the attack detecting of the network terminal.
Still further aspect, with network information security Data Collection and convergence, the data mining of Security-Oriented analysis
Lifting, the deployment of network information security Study on Trend system of technology, many network attack detection means are not limited to fire wall
The analysis of single-point, has been deployed to network each sensor, on offline NetStream Data Analyzer and data mining server, to net
The analysis of network attack is more careful and complete.
The content of the invention
The present invention proposes that a kind of distribution is near and threatens source attack blocking-up method and its device, and one is provided for Network Security Environment
Plant and block network means.The present invention by receive from attack detecting side transmit come attack type and path, foundation safety net
The deployment of pass, tries to achieve the nearly attack for threatening source and blocks execution security gateway, referred to as perform security gateway, performing security gateway
Upper blocking network attack.
The nearly threat source attack occluding device of distribution that the present invention is provided, including linked protection control module and attack are blocked
Performing module;Linked protection control module is deployed in the guard system of network, and attack blocks performing module to be deployed in network
In each security gateway.Described linked protection control module receives attack path and attack type information in network, calculates branch
The execution security gateway that nearly threat source attack is blocked is held, distribution attack blocking instruction blocks performing module to attack, and acquisition is held
Row result.Described attack blocks performing module reception attack to block instruction, and control execution security gateway performs attack blocking and referred to
Order, and execution result back gives linked protection control module.
Described linked protection control module, in addition to attack block control effect to study and judge and abnormality processing, according to attack
Block the implementing result of performing module feedback to carry out effect to study and judge, the instruction to not blocking smoothly is submitted to guard system and alarmed
Information.
The nearly threat source attack blocking-up method of distribution that the present invention is provided, including:
(1) security gateway set is configured in linked protection control module;
(2) linked protection control module is received with decomposing attack information, obtains attack path and attack type;
(3) linked protection control module tries to achieve the execution safety net for supporting that nearly threat source attack is blocked on every estimated path
Close;
(4) linked protection module blocks instruction to security gateway transmission is performed, and converges and collect blocking instruction feedback;
(5) performing the attack in security gateway blocks performing module to perform blocking instruction, produces blocking action;
(6) attack blocks performing module analysis barrier effect performance indications, obtains implementation effect and is sent to linked protection control
Molding block;
(7) linked protection control module convergence implementation effect, studies and judges implementing result, is instructed for the blocking for performing failure,
Alerted to guard system.
Advantages of the present invention is with good effect:(1) present invention configuration security gateway information, it will be appreciated that the peace of the whole network
Full gateway quantity, can selectively dispose attack blocking strategy.(2) present invention, which is calculated, performs security gateway, according to security gateway
Set and attack path can calculate execution security gateway.(3) present invention can reduce consumption of the attack to Internet resources, choosing
The nearly security gateway for threatening source is selected to perform security gateway, can prevent attack traffic from flowing in a network to greatest extent, subtract
Lack attack traffic, improve flow in network efficient.
Brief description of the drawings
Fig. 1 is module arrangement schematic diagram in the nearly threat source attack occluding device of distribution that the present invention is provided;
Fig. 2 is the signal that the nearly threat source attack occluding device of distribution that the present invention is provided and method realize blocking mechanism
Figure.
Embodiment
Below in conjunction with drawings and examples, the present invention is described in further detail.Described embodiment is also only
It is a part of embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, ordinary skill people
The every other embodiment that member is obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
Distributed nearly threat source attack occluding device of the invention, including linked protection control module and attack block execution mould
Block, as shown in Figure 1.Linked protection control module is deployed in the guard system of network, and linked protection control module can be with
Used simultaneously by multiple guard systems.Attack is blocked in the security gateway of performing module deployment in a network, is included but is not limited to
Safe access gateway, internetworking security gateway, fire wall etc., can be used by many or multiclass security gateway.Linked protection
Control module control attack blocks performing module to perform, and can perform attack resistance in the multiple execution security gateways of control of same period
It is disconnected.The attack that includes in the system detectio networks such as network attack detection, network safety situation analysis, network traffics off-line analysis exists
Interior relevant information is pushed to linked protection control module.
As shown in Fig. 2 linked protection control module is realized:Attack path is received and information decomposition with attack type information;
The nearly execution security gateway for threatening source attack to block is supported to calculate;Attack blocks control effect to study and judge and abnormality processing;Attack resistance
Severed finger order distribution is converged with result;Linked protection interactive communication agreement.Attack blocks performing module to realize:Block command reception with
As a result feed back;Performing security gateway attack blocks instruction to perform;Barrier effect Performance Analysis.Linked protection interactive communication is assisted
View realizes linked protection control module and extraneous communication, receives attack information, sends attack and blocks instruction etc..
In linked protection control module, core is that attack blocks control effect to study and judge and abnormality processing, using attack road
Footpath receives with information decomposition to handle the attack information of outside with attack type information, threatens what source attack was blocked using support is near
Perform security gateway to calculate to try to achieve execution security gateway, finally block instruction distribution to refer to result convergence to start using attack
Order and acquisition result.In blocking performing module is attacked, it is core with result feedback to block command reception, using execution safety net
Closing attack blocks instruction to perform to control flow, and implementation effect is monitored using barrier effect Performance Analysis.
The nearly threat source attack of distribution that the present invention is realized is blocked, during especially for distributed denial of service attack, estimation
Path has a plurality of, obtains each attack path, calculates the execution security gateway on each path, performs attack and blocks instruction.This hair
It is bright that attack blocking performing module is added in each security gateway.
In the present invention, support the nearly execution security gateway computational methods for threatening source attack to block are realized as follows:
Assuming that main frame rk1Attack main frame rknCertain attack path be
Pk={ rk1,rk2,…,rki,…,rkn-1,rkn, i=1,2 ..., and n }, k, n ∈ N.N represents positive integer.
Attack path PkIt is an oriented n tuple, represents k-th of attack rknPath, rkiFor attack path PkBy
I-th of node.Described node refers to that those can carry out the Internet and its equipment with upper strata of packet forwarding, can be with
It is main frame, router, security gateway etc..
Assuming that the security gateway collection in network is combined into
F={ f1,f2,…,fj,…,fm, j=1,2 ..., and m }, m ∈ N.
fjRepresent j-th of security gateway.Security gateway is an isolated node in network.Security gateway can be blocked and attacked
Hit path PkThe sufficient and necessary condition of flow be
rks、rkdAttack path P is represented respectivelykUpper s-th of node, k-th of node, DN (rks,rkd) represent in two nodes
rks、rkdBetween security gateway set.If above condition that is,Do not have in attack path so
There is security gateway, then, the attack can not be blocked.{rkiRepresent attack path PkOn from rksTo rkdNode set,
∩ represents to seek common ground.Node can be described with ip, then be exactly to find identical ip when seeking common ground.
Assuming that DN (rks,rkd)={ fi|i∈{1,2,…,n}};Near using the present invention attacks threat source attack blocking mechanism,
Selection performs security gateway ftAs prevention policies deployment point, path P is blockedkUpper node rksTo node rkdProcotol stream attack
Hit.The security gateway closest to threat source is chosen as execution security gateway, the method for specifically chosen execution security gateway is:
1. init Tag value i=1 is set;
2. in path PkOn choose a r in orderki, composition set Ft={ rki};
3. DN (r are calculatedks,rkd)∩Ft;
If 4.2. so i=i+1, turn;
If 5.Then choose rkiIt is used as execution security gateway.And rkiMeet lower noodles
Part:
Process shows above, sequentially chooses node from attack path successively, finds and performs security gateway, selected safety net
Closing distance threatens source nearest.
The nearly threat source attack blocking-up method of distribution that the present invention is provided, implementation process includes:
1. security gateway set F={ f are configured in linked protection control module1,f2,…,fj,…,fm, so as to conduct
Selection performs the foundation of security gateway.
2. linked protection control module is received with decomposing attack information, obtains " attack path " and " attack type " data.
3. to each attack path, linked protection control module tries to achieve the execution that the path supports nearly threat source attack to block
Security gateway.
4. the execution of linked protection control module control attack blocking, sends to security gateway and blocks instruction, convergence and receipts
Collection blocks instruction feedback.
5. performing the attack in security gateway blocks performing module to perform blocking instruction, produces blocking action.
6. attack blocks performing module analysis barrier effect performance indications, obtains implementation effect.
7. linked protection control module convergence implementation effect, studies and judges implementing result, is instructed for the blocking for performing failure, to
Guard system is alerted.
Embodiment
(1) linked protection module performs the attack path and attack type in " distributed nearly threat source attack blocking mechanism "
Information is received and information decomposition.Receiving attack information is:
The IP address of attacker's main frame is 100.100.100.10, is abbreviated as 100100100010;Victim host address
For 200.200.200.20,200200200020 are abbreviated as;Attack type is DDoS (distributed denial of service), wherein the 10th article
Attack path is:
P10=100100100010,100100100020,100100100030,100100100040,
100100100050,100100100060,100100100070,100100100080,100100100090,20020020010,
20020020020}
Attack path P10It is a 11 oriented tuples.
(2) security gateway set is configured in linked protection module:
F=200200200010,100100090020,100100100030,100100080060,1001 00100060,
100100060030,200200200050}
Security gateway is an isolated node in network, and the position of a node is occupied in the paths.
(3) support that linked protection module is performed in " distributed nearly threat source attack blocking mechanism " closely threatens source attack resistance
Disconnected execution security gateway is calculated, and is specially:
Judge that security gateway can block attack path P now10Sufficient and necessary condition
DN (100100100010,20020020020)=F ∩ P10
={ 200200200010,100100100030,100100100060 }
Due toSatisfaction can block the condition of attack.Current three
Individual security gateway (| DN (100100100010,20020020020) |=attack 3) can be blocked, in order to economize on resources and improve
Performance, it is only necessary to select a security gateway just to meet requirement to perform security gateway.Here is that selection performs safety net
The process of pass:
1. in P10The 1st security gateway composition set F is selected in path in ordert={ 100100100020 }.
2. calculateIt is unsatisfactory for condition.
3. again in P10The 2nd security gateway composition set F is selected in path in ordert={ 100100100030 }.
4. F is calculatedt∩ DN={ 100100100030 }, are not sky, and satisfaction can block the condition of attack.
5. security gateway 100.100.100.30 is chosen as execution security gateway.I.e. closest to the safety net of attacker
Close, sending attack to the execution security gateway blocks instruction.
(4) attack that linked protection module is performed in " distributed nearly threat source attack blocking mechanism " blocks control, specifically
For:
Sent to security gateway 100.100.100.30 and block path P10The instruction of information flow.
(5) the execution security gateway that attack blocks performing module to perform in " distributed closely to threaten source attack blocking mechanism " is attacked
Hit blocking instruction to perform, be specially:
Block path P10Information flow.
(6) attack blocks performing module to perform the execution barrier effect in " distributed closely to threaten source attack blocking mechanism "
Energy index analysis, be specially:
Analyse whether to have blocked P in executable security gateway exit10Information flow, analyzes result for " P10Information flow
Block ".
The implementing result that linked protection module is performed in " distributed nearly threat source attack blocking mechanism " is studied and judged, and is specially:
Receive and convergence blocks implementing result, including " P10Information flow has been blocked " information.To the unrealized finger smoothly blocked
Order, warning message is submitted to guard system.
Claims (6)
1. a kind of distributed nearly threat source attack occluding device, it is characterised in that hindered including linked protection control module and attack
Disconnected performing module, linked protection control module is deployed in the guard system of network, and attack blocks performing module to be deployed in network
Security gateway in;
Described linked protection control module receives attack path and attack type information in network, calculates and supports nearly threat source to attack
The execution security gateway of blocking is hit, distribution attack blocks instruction to block performing module to attack, and obtains implementing result;
Described attack blocks performing module reception attack to block instruction, and control execution security gateway performs attack and blocks instruction,
And execution result back gives linked protection control module.
2. device according to claim 1, it is characterised in that described linked protection control module, is configured with safety net
Set is closed, when calculating the execution security gateway for supporting closely to threaten source attack to block, using set and computing, the order of selection is
The order occurred according to security gateway in attack path, it is specific as follows:
First determine whether whether there is security gateway in attack path, if there is security gateway set DN;Sequentially selected from attack path
Node is taken, judges whether there is common factor with DN, when there is common factor, node is taken as execution security gateway using currently selected.
3. device according to claim 1, it is characterised in that described linked protection control module, in addition to attack resistance
Disconnected control effect is studied and judged and abnormality processing, and the implementing result for blocking performing module to feed back according to attack carries out effect and studied and judged, to not
The instruction smoothly blocked, warning message is submitted to guard system.
4. device according to claim 1, it is characterised in that described attack blocks performing module, in addition to blocks effect
Fruit Performance Analysis, analyses whether to have blocked the information flow in current attack path performing security gateway exit.
5. device according to claims 1 to 4, it is characterised in that described linked protection control module, can be controlled simultaneously
Multiple execution security gateways;Described linked protection control module, can simultaneously be used by multiple guard systems.
6. based on the nearly threat source attack blocking-up method of distribution that any described device of Claims 1 to 4 is realized, its feature exists
In, including step is as follows:
(1) security gateway set is configured in linked protection control module;
(2) linked protection control module is received with decomposing attack information, obtains attack path and attack type;
(3) linked protection control module tries to achieve the execution security gateway for supporting that nearly threat source attack is blocked on every estimated path;
(4) linked protection module blocks instruction to security gateway transmission is performed, and converges and collect blocking instruction feedback;
(5) performing the attack in security gateway blocks performing module to perform blocking instruction, produces blocking action;
(6) attack blocks performing module analysis barrier effect performance indications, obtains implementation effect and is sent to linked protection control mould
Block;
(7) linked protection control module convergence implementation effect, studies and judges implementing result, is instructed for the blocking for performing failure, Xiang Fang
Protecting system is alerted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710549113.0A CN107181760A (en) | 2017-07-07 | 2017-07-07 | A kind of distributed nearly threat source attack blocking-up method and its device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710549113.0A CN107181760A (en) | 2017-07-07 | 2017-07-07 | A kind of distributed nearly threat source attack blocking-up method and its device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107181760A true CN107181760A (en) | 2017-09-19 |
Family
ID=59844597
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710549113.0A Pending CN107181760A (en) | 2017-07-07 | 2017-07-07 | A kind of distributed nearly threat source attack blocking-up method and its device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107181760A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107682326A (en) * | 2017-09-21 | 2018-02-09 | 北京邮电大学 | A kind of security gateway linked protection mechanism, agreement and module |
CN108900515A (en) * | 2018-07-09 | 2018-11-27 | 赖洪昌 | A kind of cyberspace loophole merger platform data forward service system |
CN110505243A (en) * | 2019-09-18 | 2019-11-26 | 浙江大华技术股份有限公司 | The processing method and processing device of network attack, storage medium, electronic device |
CN113992431A (en) * | 2021-12-24 | 2022-01-28 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
CN114726602A (en) * | 2022-03-29 | 2022-07-08 | 中国工程物理研究院计算机应用研究所 | Self-adaptive threat blocking method for enterprise intranet under network zero change condition |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102075503A (en) * | 2009-11-24 | 2011-05-25 | 北京网御星云信息技术有限公司 | A network intrusion prevention system based on cloud computing |
CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
US20150281278A1 (en) * | 2014-03-28 | 2015-10-01 | Southern California Edison | System For Securing Electric Power Grid Operations From Cyber-Attack |
WO2016150253A1 (en) * | 2015-03-24 | 2016-09-29 | 华为技术有限公司 | Sdn-based ddos attack prevention method, device and system |
CN106657144A (en) * | 2017-01-20 | 2017-05-10 | 北京理工大学 | Dynamic protection path planning method based on reinforcement learning |
-
2017
- 2017-07-07 CN CN201710549113.0A patent/CN107181760A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102075503A (en) * | 2009-11-24 | 2011-05-25 | 北京网御星云信息技术有限公司 | A network intrusion prevention system based on cloud computing |
CN102111394A (en) * | 2009-12-28 | 2011-06-29 | 成都市华为赛门铁克科技有限公司 | Network attack protection method, equipment and system |
US20150281278A1 (en) * | 2014-03-28 | 2015-10-01 | Southern California Edison | System For Securing Electric Power Grid Operations From Cyber-Attack |
WO2016150253A1 (en) * | 2015-03-24 | 2016-09-29 | 华为技术有限公司 | Sdn-based ddos attack prevention method, device and system |
CN106657144A (en) * | 2017-01-20 | 2017-05-10 | 北京理工大学 | Dynamic protection path planning method based on reinforcement learning |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107682326A (en) * | 2017-09-21 | 2018-02-09 | 北京邮电大学 | A kind of security gateway linked protection mechanism, agreement and module |
CN107682326B (en) * | 2017-09-21 | 2020-08-07 | 北京邮电大学 | Security gateway linkage protection mechanism, protocol and module |
CN108900515A (en) * | 2018-07-09 | 2018-11-27 | 赖洪昌 | A kind of cyberspace loophole merger platform data forward service system |
CN108900515B (en) * | 2018-07-09 | 2021-06-04 | 赖洪昌 | Data forwarding service system of network space vulnerability merging platform |
CN110505243A (en) * | 2019-09-18 | 2019-11-26 | 浙江大华技术股份有限公司 | The processing method and processing device of network attack, storage medium, electronic device |
CN113992431A (en) * | 2021-12-24 | 2022-01-28 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
CN113992431B (en) * | 2021-12-24 | 2022-03-25 | 北京微步在线科技有限公司 | Linkage blocking method and device, electronic equipment and storage medium |
CN114726602A (en) * | 2022-03-29 | 2022-07-08 | 中国工程物理研究院计算机应用研究所 | Self-adaptive threat blocking method for enterprise intranet under network zero change condition |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107181760A (en) | A kind of distributed nearly threat source attack blocking-up method and its device | |
Bawany et al. | DDoS attack detection and mitigation using SDN: methods, practices, and solutions | |
Karie et al. | IoT threat detection advances, challenges and future directions | |
Deepa et al. | Detection of DDoS attack on SDN control plane using hybrid machine learning techniques | |
Dao et al. | A feasible method to combat against DDoS attack in SDN network | |
CN103561004B (en) | Cooperating type Active Defending System Against based on honey net | |
CN104506507B (en) | A kind of sweet net safety protective system and method for SDN | |
CN101087196B (en) | Multi-layer honey network data transmission method and system | |
CN104954367B (en) | A kind of cross-domain ddos attack means of defence of internet omnidirectional | |
CN105208037A (en) | DoS/DDoS attack detecting and filtering method based on light-weight intrusion detection | |
CN103023924A (en) | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform | |
Hirayama et al. | Fast target link flooding attack detection scheme by analyzing traceroute packets flow | |
CN103546488A (en) | Active security defense system and method of power secondary system | |
CN108076053A (en) | A kind of real-time traffic towards wireless internet of things is intercepted and abnormity early warning system and method | |
CN109474605A (en) | A kind of source net lotus industrial control system composite defense method based on Autonomous Domain | |
Myneni et al. | SmartDefense: A distributed deep defense against DDoS attacks with edge computing | |
Das et al. | Flood control: Tcp-syn flood detection for software-defined networks using openflow port statistics | |
Haggerty et al. | DiDDeM: a system for early detection of TCP SYN flood attacks | |
CN102123136A (en) | Method for identifying DDoS (distributed denial of service) attack flow | |
Haggerty et al. | Early detection and prevention of denial-of-service attacks: a novel mechanism with propagated traced-back attack blocking | |
Thorat et al. | SDN-based machine learning powered alarm manager for mitigating the traffic spikes at the IoT gateways | |
Barika et al. | Artificial neural network for mobile IDS solution | |
CN1367434A (en) | Intraconnection network computer and Internet unauthorized connection monitoring system and its method | |
CN113489694B (en) | Dynamic defense system for resisting large-flow attack in honey farm system | |
CN114978667A (en) | SDN network DDoS attack detection method based on graph neural network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170919 |